On Thu, Oct 3, 2013 at 7:25 PM, Antoine Pelisse <apelisse@xxxxxxxxx> wrote:
> I've not followed the thread so much but, in that
> entry.c::checkout_entry,() we do:
>
> memcpy(path, state->base_dir, len);
> strcpy(path + len, ce->name);
>
> which can of course result in memory violation if PATH is not long enough.
>
...aaand you're spot on. The following patch illustrates it:
$ /git/git-clone.exe mingw-checkout-crash.git
Cloning into 'mingw-checkout-crash'...
done.
fatal: argh, this won't work!
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry the checkout with 'git checkout -f HEAD'
---
diff --git a/entry.c b/entry.c
index acc892f..505638e 100644
--- a/entry.c
+++ b/entry.c
@@ -244,6 +244,9 @@ int checkout_entry(struct cache_entry *ce,
if (topath)
return write_entry(ce, topath, state, 1);
+ if (len > PATH_MAX || len + strlen(ce->name) > PATH_MAX)
+ die("argh, this won't work!");
+
memcpy(path, state->base_dir, len);
strcpy(path + len, ce->name);
len += ce_namelen(ce);
> On Thu, Oct 3, 2013 at 12:26 AM, Wataru Noguchi <wnoguchi.0727@xxxxxxxxx> wrote:
>> Hi,
>>
>> At last, I foundfollowing Makefile optimization suppression works fine in my
>> case.
>>
>> CFLAGS = -g -O2 -fno-inline-small-functions -Wall
>>
>> Following optimization option cause crash,
>>
>> -finline-small-functions
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html